net/ssl/client_cert_store_unittest-inl.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
   6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/files/file_path.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "net/base/test_data_directory.h"
  15 #include "net/ssl/ssl_cert_request_info.h"
  16 #include "net/test/cert_test_util.h"
  17 #include "testing/gtest/include/gtest/gtest.h"
  18
  19 namespace net {
  20
  21 namespace {
  22
  23 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
  24 const unsigned char kAuthority1DN[] = {
  25   0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
  26   0x04, 0x42, 0x20, 0x43, 0x41
  27 };
  28
  29 // "CN=E CA" - DER encoded DN of the issuer of client_2.pem
  30 unsigned char kAuthority2DN[] = {
  31   0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
  32   0x04, 0x45, 0x20, 0x43, 0x41
  33 };
  34
  35 }  // namespace
  36
  37 // Use a templated test to provide common testcases for all the platform
  38 // implementations of ClientCertStore. These cases test the client cert
  39 // filtering behavior.
  40 //
  41 // NOTE: If any test cases are added, removed, or renamed, the
  42 // REGISTER_TYPED_TEST_CASE_P macro at the bottom of this file must be updated.
  43 //
  44 // The type T provided as the third argument to INSTANTIATE_TYPED_TEST_CASE_P by
  45 // the platform implementation should implement this method:
  46 // bool SelectClientCerts(const CertificateList& input_certs,
  47 //                        const SSLCertRequestInfo& cert_request_info,
  48 //                        CertificateList* selected_certs);
  49 template <typename T>
  50 class ClientCertStoreTest : public ::testing::Test {
  51  public:
  52   T delegate_;
  53 };
  54
  55 TYPED_TEST_CASE_P(ClientCertStoreTest);
  56
  57 TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) {
  58   std::vector<scoped_refptr<X509Certificate> > certs;
  59   scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
  60
  61   std::vector<scoped_refptr<X509Certificate> > selected_certs;
  62   bool rv = this->delegate_.SelectClientCerts(
  63       certs, *request.get(), &selected_certs);
  64   EXPECT_TRUE(rv);
  65   EXPECT_EQ(0u, selected_certs.size());
  66 }
  67
  68 // Verify that CertRequestInfo with empty |cert_authorities| matches all
  69 // issuers, rather than no issuers.
  70 TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) {
  71   scoped_refptr<X509Certificate> cert(
  72       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  73   ASSERT_TRUE(cert.get());
  74
  75   std::vector<scoped_refptr<X509Certificate> > certs;
  76   certs.push_back(cert);
  77   scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
  78
  79   std::vector<scoped_refptr<X509Certificate> > selected_certs;
  80   bool rv = this->delegate_.SelectClientCerts(
  81       certs, *request.get(), &selected_certs);
  82   EXPECT_TRUE(rv);
  83   ASSERT_EQ(1u, selected_certs.size());
  84   EXPECT_TRUE(selected_certs[0]->Equals(cert.get()));
  85 }
  86
  87 // Verify that certificates are correctly filtered against CertRequestInfo with
  88 // |cert_authorities| containing only |authority_1_DN|.
  89 TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
  90   scoped_refptr<X509Certificate> cert_1(
  91       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  92   ASSERT_TRUE(cert_1.get());
  93   scoped_refptr<X509Certificate> cert_2(
  94       ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
  95   ASSERT_TRUE(cert_2.get());
  96
  97   std::vector<std::string> authority_1(
  98       1, std::string(reinterpret_cast<const char*>(kAuthority1DN),
  99                      sizeof(kAuthority1DN)));
 100   std::vector<std::string> authority_2(
 101       1, std::string(reinterpret_cast<const char*>(kAuthority2DN),
 102                      sizeof(kAuthority2DN)));
 103   EXPECT_TRUE(cert_1->IsIssuedByEncoded(authority_1));
 104   EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2));
 105   EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2));
 106   EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1));
 107
 108   std::vector<scoped_refptr<X509Certificate> > certs;
 109   certs.push_back(cert_1);
 110   certs.push_back(cert_2);
 111   scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
 112   request->cert_authorities = authority_1;
 113
 114   std::vector<scoped_refptr<X509Certificate> > selected_certs;
 115   bool rv = this->delegate_.SelectClientCerts(
 116       certs, *request.get(), &selected_certs);
 117   EXPECT_TRUE(rv);
 118   ASSERT_EQ(1u, selected_certs.size());
 119   EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
 120 }
 121
 122 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
 123                            EmptyQuery,
 124                            AllIssuersAllowed,
 125                            CertAuthorityFiltering);
 126
 127 }  // namespace net
 128
 129 #endif  // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_